Imgur geo-blocked the UK, so I geo-unblocked my network

blog.tymscar.com

272 points by tymscar 8 hours ago


omnicognate - 7 hours ago

> Second, even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy.

This is what routers are for. My router (a cheap fanless box with several network ports running linux) is the only thing on my network that knows there's a VPN. I can selectively route whatever I want through it, including having a separate SSID/VLAN from which everything is routed through the VPN. It's wireguard based so there's no "installing a VPN", just an interface/network configured in systemd-networkd (once, on the router).

Edit: Routing by domain name could be tricky, though. I haven't had a need for that, and a proxy with local DNS override (as in the article) might needed if it came to that. I'd still do it on the router, though.

chatmasta - 7 minutes ago

Imgur is one of the more annoying UK geoblocks because they persist it with cookies, so if you want to view something you can’t just switch to VPN for a second without also changing browser sessions.

Reddit is worse… you can’t even view someone’s profile if they’ve ever submitted a post labeled NSFW.

JoshTriplett - 7 hours ago

I was hoping, from the title ("Geo-Unblocked") that this would be about arranging an IP address block that wasn't associated with the UK, rather than just selectively running some traffic through a VPN.

bennyp101 - 7 hours ago

"Is this overkill for viewing the occasional Imgur image? Probably."

From the last couple of weeks of researching some stuff, it makes perfect sense - I keep stumbling across blogs and documentation that uses Imgur, and it's really quite annoying that I can't see the screenshot or image that is being referenced. It hasn't /quite/ hit the point to put something in place, but this is super helpful for the final straw - when it comes!

crimsonnoodle58 - 42 minutes ago

That's a lot of steps for something that would be a simple route rule or mangle + mark routing on mikrotik.

The route rule would route out a VPN instead of the main route.

If the domain name resolves to many IPs you can keep an address list up to date using a simple script.

tom-9999 - 3 hours ago

This can be done on UniFi using policy based routing too trivially if anyone wants to repeat this.

Instructions using the unifi mobile app as it’s what I have to hand:

1) download wireguard conf file from vpn provider. On mobile app settings -> vpn client -> add new -> wireguard. Upload the file and save it

2) settings -> policy engine -> policy based routes. New. Select what to route -> specific traffic. Source = all devices. destination = domain name. Here add any domains you like. Interface = add the vpn you added in step 1

nomilk - an hour ago

> even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy.

Is there a way to install a VPN such that requests to/from certain domains (e.g. imgur.com) are routed via the VPN and the rest of your traffic is via non-VPN?

This would solve the problem of constantly having to dis/re connect VPN, and do it in an automatic fashion (i.e. without the manual steps of first recognising there's an unavailable asset on the page, opening VPN app, switching it on etc).

Such a configuration would also be very useful in other situations, e.g:

- using social media in countries that require age-verification

- using apps that geoblock (e.g. spotify blocks my subscription every few days because it detects a change in country, but what it's really detecting is simply whether or not my VPN happens to be on/off)

- accessing sites which are blocked (e.g. Thailand blocks common UK news sites which have said unflattering things about Thai royalty).

nvarsj - 6 hours ago

I've done similar. But I just used PBR (policy based routing) on my OpenWRT router. Took about 15 minutes to set it up. You can pick which domains go through VPN. Works great.

jc__denton - 7 hours ago

I feel like I'd rather solve this with a proxy PAC file. I recently started using this on airplane Wi-Fi where they'd block VPNs, but strangely not SSH. Dynamic forwarding with a good PAC to "direct" connect the onboard entertainment and flight tracking hosts/URLs works great!

notepad0x90 - 2 hours ago

they block VPNs too, if yours is working it's just a matter of time until they get to it. Avoid using imgur entirely. What I find insidious is that unlike reddit and some other sites, they won't tell you it's blocked, they'll give you this:

{"data":{"error":"Imgur is temporarily over capacity. Please try again later."},"success":false,"status":403}

qwertox - 6 hours ago

> First, I just upgraded to 2.5 Gbps internet and I don’t want to route all my traffic through a VPN and take the speed hit. I have this bandwidth for a reason

You don't have to. You create a container which runs openvpn to connect to your vpn provider, and also hosts an ssh daemon. The ssh daemon receives incoming SOCKS5 connections from a firefox portable browser, which has been configured to use the proxy (your Docker openvpn-container) for browsing and DNS resolution, and pipes it through the VPN tunnel.

So you have that one browser just to surf imgur. if that's your thing. And you could also use Firefox on Android (maybe also iOS) with those proxy settings (a secondary Firefox browser, like the beta version).

So you get very high control about what you are using the VPN for, you don't just pipe your entire OS's network traffic through the VPN.

sunshinekitty - 7 hours ago

a-ha, if you happen to have a Unifi router then a simpler setup would be to do policy based routing by hostnames through a vpn client maintained in the router config

dom96 - 3 hours ago

> The key detail is network_mode: "service:gluetun"

Such a clear giveaway that this was written by an AI

kilroy123 - 7 hours ago

Nice work.

I've thought about doing something similar as well! It drives me nuts this ban, everywhere I look I see these blocked images. I thought about making a chrome extension that proxies.

peanut-walrus - 3 hours ago

If your VPN provider offers a socks5 instance you can do this entire thing with a socat oneliner + the dns hijack of course.

int0x29 - 6 hours ago

For some reason T-Mobile in the Bay Area can get randomly geoIPed to the UK so imgur just randomly breaks on my phone. Marvelous

Seattle3503 - 7 hours ago

Could this be built into open source routers? If you wanted to get fancy you could even select the best VPN for the particular service.

oliwarner - 7 hours ago

This is quite easy with OpenWRT.

Install the Wireguard packages, create a connection to your VPN of choice in a nearby country (I chose Sweden). Then I used the "vpn-policy-routing" package to route Imgur IPs (199.232.196.193 199.232.192.193) through the VPN.

Works for websites that keep nagging you for age verification too.

But seriously, it's been more emotional than I'd expected to get my cat memes back.

p0w3n3d - 4 hours ago

I wonder how did you overcome https. As I understand the request that goes to rerouted Imgur proxy will have different cert.

netXten - 6 hours ago

So you are just a simple GB citizen and some external site blocked access by country affiliation?! Is there any practical reason for blocking access to that site by geotargeting?

dinvlad - 4 hours ago

This is such a deep rabbit hole! Other alternatives include CDN and residential proxies, no VPN required

KaiserPro - 6 hours ago

I've not managed to succesfully use a VPN to get around the geoblock. It seems that most of VPN exit nodes are also blocked (but in a different way)

killingtime74 - 7 hours ago

Why not call it split tunneling, which is what it is.

prism56 - 6 hours ago

Interesting. I have nextdns.io and VPN proxy and a unifi router. Is this possible for me?

tamimio - an hour ago

It works great till you leave your house.

Unless you vpn back to your house, but then again, now you are using double vpn!

jonathanstrange - 2 hours ago

There is currently no alternative to geo-blocking the UK if you don't want to get threatening legal letters from Ofcom that order you to break the laws of your country.

arjie - 6 hours ago

Another thing that you can do when you have the IP address range is just run a traditional split-tunnel. A simple way to do that is to run Wireguard on a cheap VPS, then have only traffic to those fixed IPs go to that tunnel. The nice thing about this is that tiny WiFi routers (e.g. hAP AX S) these days support Wireguard at pretty decent speeds. Then anyone on your network gets this, and if you want it while you roam you can just run the Wireguard VPN on your phone as well with the same rules.

sunaookami - 4 hours ago

What's annoying about this block is that Imgur detects Telegram's server for image previews as coming from the UK but they are in the Netherlands so when someone sends an imgur link through Telegram with the little preview attached you now only get the "not available" image as prevew...

Razengan - 4 hours ago

Imgur doesn't even let me sign into my almost 10 year old account from many countries while traveling. Never seen this kind of wack shit anywhere else. The fuck's their problem?

Acrobatic_Road - 7 hours ago

Imagine having to install a vpn to browse the internet in a first world country.

Joshua-Peter - 7 hours ago

[dead]

John-Tony - 7 hours ago

[dead]

John-Tony12 - 7 hours ago

[dead]

internet2000 - 7 hours ago

> ⌘+F, "vote", Not found

Seems the author forgot one step.

toomuchtodo - 8 hours ago

Great work! Perhaps not the appropriate OSI layer, but would be cool if this could pull the imgur blob from the wayback machine if unavailable on imgur proper. You'd still need this networking setup, as archive.org is blocked as well in the UK per ground truth from others on HN.